majusko / grpc-jwt-spring-boot-starter

Spring boot starter for gRPC framework with JWT authorization
Other
39 stars 7 forks source link

Bump grpc-testing from 1.41.0 to 1.47.0 #141

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps grpc-testing from 1.41.0 to 1.47.0.

Release notes

Sourced from grpc-testing's releases.

v1.46.0

Bug Fixes

  • netty: Fixed incompatibility with Netty 4.1.75.Final that caused COMPRESSION_ERROR (#9004)
  • xds: Fix LBs blindly propagating control plane errors (#9012). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application. This is essentially a continuation of the fix in 1.45.0 for XdsNameResolver, but for other similar cases
  • xds: Fix ring_hash reconnecting behavior. Previously a TRANSIENT_FAILURE subchannel would remain failed forever
  • xds: Fix ring_hash defeating priority’s failover connection timeout. grpc/proposal#296
  • binder: Work around an Android Intent bug for consistent AndroidComponentAndress hashCode() and equals() (#9061)
  • binder: Fix deadlock when using process-local Binder (#8987). Process-local binder has a different threading model than normal FLAG_ONEWAY, so this case is now detected and the FLAG_ONEWAY threading model is emulated
  • okhttp: Removed dead code in io.grpc.okhttp.internal.Util. This should have no impact except for static code analysis. This code was never used and was from the process of forking okhttp. It calculated things like MD5 which can trigger security scanners (#9071)

Behavior Changes

  • java_grpc_library.bzl: Pass use_default_shell_env = True for protoc (#8984). This allows using MinGW on Windows
  • xds: Unconditionally apply backoff on ADS and LDS stream recreation. Previously if a message had been received on the stream no backoff wait would be performed. This limits QPS to a buggy server to 1 QPS, instead of a closed loop
  • xds: Skip Routes within VirtualHosts whose RouteAction has no cluster_specifier. This probably means the control plane is using a cluster_specifier field unknown/unsupported by gRPC. The control plane can repeat the Route with a different cluster_specifier for compatibility with older clients
  • xds: Support xds.config.resource-in-sotw client capability. Resources wrapped in a io.envoyproxy.envoy.service.discovery.v3.Resource message are now supported (#8997)

New Features

  • gcp-observability: A new experimental module for improving visibility into gRPC workloads. Initially supports logging RPCs to Google Cloud Logging
  • grpclb: Support setting initial fallback timeout by service config (#8980)

Dependencies

  • PerfMark bumped to 0.25.0 (#8948)
  • okhttp: the okhttp dependency is now compile only (#8971). Okhttp’s internal HTTP/2 implementation was forked inside grpc-okhttp a long time ago, but there had been a few stray internal classes that had not been forked but should have been. That has now been fixed in preparation for OkHttp 3/4 support. Compile-only may cause a runtime failure for code using reflection on OkHttpChannelBuilder; add a dependency on okhttp 2.7.4 to resolve
  • bom: Removed protoc-gen-grpc-java from the BOM, as the classifier was confusing and it provided no value (#9020)

Acknowledgements

@​jesseschalken @​kluever @​beatrausch

v1.45.1

Bug Fixes

  • netty: Fixed incompatibility with Netty 4.1.75.Final that caused COMPRESSION_ERROR (#9004)
  • xds: Fix LBs blindly propagating control plane errors (#9012). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application. This is essentially a continuation of the fix in 1.45.0 for XdsNameResolver, but for other similar cases

v1.45.0

gRPC Java 1.45.0 Release Notes

Bug Fixes

  • rls: fix child lb leak when client channel is shutdown (#8750)
  • rls: fix RLS lb policy name (#8867)
  • testing: fix GrpcCleanupRule issue when retrying tests (#8918)
  • xds: Fix XdsNameResolver blindly propagates control plane errors (#8953). This change forces the use of UNAVAILABLE for any xDS communication failures, which otherwise could greatly confuse an application
  • xds: fix validation code to accept new-style CertificateProviderPluginInstance (#8892)
  • xds: fix a concurrency issue in CSDS ClientStatus responses (#8795)
  • xds: Squelch "Failed to resolve name" ADS reconnection error logs. Workaround for #8886 (#8942)
  • xds: Improve priority failover handling for IDLE subpolicies (#8926). This mainly improves behavior with ring_hash
  • bom: Include grpc-binder
  • binder: Fix a ServiceConnection leak (#8861)

... (truncated)

Commits
  • 76b37d3 Bump version to 1.47.0
  • 98ec497 Update README etc to reference 1.47.0, protobuf plugin 0.8.18
  • e0238df Update to handle rename of java_names.h to names.h in protobuf upstream (#9218)
  • 6bf3e2c Bump GSON to 2.9.0 (#9215)
  • 540be7f interop-test: Remove duplicated GCE tests
  • bd025d3 Enable xDS custom LB config by default. (#9214)
  • 74112ad xds: Make a copy of Metadata for thread safety. (#9212)
  • 7e578ed xds: Properly assign picker. (#9201)
  • a6b1476 xds: Custom LB configs to support UDPA TypeStruct (#9198)
  • 61604ac xds: Use weighted_target LB provider in wrr_locality (#9195)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #145.